scaling a remote-access VPN design

Unanswered Question
Sep 17th, 2009

I have some 5540s and ACS Servers. Currently I have remote access VPNs set up to the 5540s. All of my VPN groups are reasonably small, but there are many of them and each group has its access restricted by ACLs. In trying to plan for a pandemic where everybody would have to work from home, I was asked to scale the VPN solution to basically max out the 5000 VPN limit on the 5540s... The problem is that I don't have enough IP address space in the current groups and can't allocate any more IP addresses at all. So how can I increase the size of these groups without pulling more IP addresses out of my network and still maintain the ACLs without having to modify them? I was thinking that the ACS Server could provide a solution here using dACLs and RADIUS authentication, but I am not sure. Any ideas?


You may try using the command "vpn-sessiondb max-session-limit". To limit VPN sessions to a lower value than the security appliance allows, use the vpn-sessiondb max-session-limit command in global configuration mode. The following example shows how to set a maximum VPN session limit of 450:

hostname(config)# vpn-sessiondb max-session-limit 450
